# Nomad agent for the "alo" cluster, modelled on
# https://github.com/astro/skyflake/blob/main/nixos-modules/nomad.nix
#
# Every host that imports this module runs a Nomad client; the hosts
# listed in `serverNodes` additionally run the server (control plane).
# Which role this host gets is decided purely by its hostname.
{ pkgs, config, ... }:
let
  # Hostnames that form the Nomad control plane. Both the client and the
  # server stanza use this list for `retry_join`.
  serverNodes = [ "c1" "c2" "c3" ];

  # This host is a server iff its hostname appears in `serverNodes`.
  isServer = builtins.elem config.networking.hostName serverNodes;

  # Nix `/` on integers truncates, so for 3 servers this evaluates to 2:
  # the cluster bootstraps once a majority of the servers has joined
  # rather than waiting for all of them.
  bootstrapExpect = (builtins.length serverNodes + 2) / 2;

  # Nomad's default ports:
  #   4646 HTTP API          -- every agent
  #   4647 RPC               -- servers only
  #   4648 Serf gossip (TCP and UDP) -- servers only
  apiPort = 4646;
  serverTcpPorts = [ 4647 4648 ];
  serverUdpPorts = [ 4648 ];
in
{
  services.nomad = {
    enable = true;

    # Keeps the agent running with its full privileges. The original
    # author notes that dropping privileges breaks at least CSI volumes;
    # the flip side is that a compromised agent is a compromised host.
    dropPrivileges = false;

    settings = {
      datacenter = "alo";

      client = {
        enabled = true;
        server_join.retry_join = serverNodes;
        # Expose the Tailscale interface as a named host network so jobs
        # can bind to it explicitly.
        host_network.tailscale.interface = "tailscale0";
      };

      server = {
        enabled = isServer;
        bootstrap_expect = bootstrapExpect;
        server_join.retry_join = serverNodes;
      };
    };

    # Settings that are easier to express as raw JSON live in this file
    # (generated below).
    extraSettingsPaths = [ "/etc/nomad-alo.json" ];
  };

  # Docker task driver: allow jobs to request `privileged = true`. A
  # privileged container is effectively root on the client host, so every
  # identity that can submit jobs gets that power. Nothing in this module
  # enables Nomad ACLs, and the firewall below opens the HTTP API port on
  # all interfaces -- confirm that ACLs or network-level restrictions are
  # configured elsewhere before relying on this.
  environment.etc."nomad-alo.json".text = builtins.toJSON {
    plugin.docker.config.allow_privileged = true;
  };

  # State that must survive reboots on an ephemeral root filesystem.
  environment.persistence."/persist".directories = [
    "/var/lib/docker"
    "/var/lib/nomad"
  ];

  # Nomad CLI plus terminal front-ends for the cluster.
  environment.systemPackages = [ pkgs.nomad pkgs.wander pkgs.damon ];

  # Clients only expose the HTTP API; servers also accept RPC and gossip.
  networking.firewall = {
    allowedTCPPorts = [ apiPort ] ++ (if isServer then serverTcpPorts else [ ]);
    allowedUDPPorts = if isServer then serverUdpPorts else [ ];
  };
}